Skip to main content
PlanRelevé Wiki

Security, privacy and Law 25

PlanRelevé combines organization isolation, scoped roles, stronger authentication, file encryption and export/deletion functions. These controls can support an organization's privacy program; they are not a certification or an automatic guarantee of compliance with Law 25, PIPEDA or any other law.

Access and responsibility

Main paths: Administration → Security, Users, Audit log, Storage, Data export; within a project, Members. Only owners and administrators manage organization policies. A project administrator can share that project but cannot change global security settings. See Members, roles and invitations.

Each organization remains responsible for deciding what it may upload, who needs access, retention periods and notification duties. Do not add unnecessary personal information to a plan, note or attachment.

Isolation, roles and sessions

Project records carry organization scope, and controls deny cross-organization access by default. Project roles separate viewing, reviewing, editing, exporting and sharing. Permission is checked when an operation runs, including while an AI assistant plan executes.

Sign-in supports:

  • password with lockout after repeated failures;
  • one-time email code;
  • a trusted device for 30 days;
  • organization-wide two-step verification requirement;
  • optional Microsoft Entra ID.

An administrator can deactivate an account, and sessions can be revoked. After a departure or suspected access, deactivate the member rather than removing only one project share.

Storage and encryption

Under the current privacy policy, the application and stored files reside in Canada in AWS ca-central-1 (Montréal); some ancillary services or subprocessors may process data elsewhere as described in that policy.

Stored objects—source PDFs, renders and other supported artifacts—are encrypted by the application with AES-256-GCM before upload to storage, using a versioned key unique to the organization. A SHA-256 checksum of plaintext content detects tampering on retrieval. Organization keys are themselves wrapped by a platform master key. Do not interpret this as end-to-end encryption: the application must decrypt a file to display or process it for an authorized user.

Logs, retention, export and deletion

The organization audit log records administrative and sensitive events with actor and time. Default audit retention is managed by the platform; configurable retention policies cover certain renders and exports. Review the log after an unexpected role change, export or security setting.

An owner or administrator can request an organization data export. The ZIP contains structured records and retrievable files, and is itself stored encrypted. A file retrieval error is disclosed in a manifest rather than hidden.

An organization deletion request follows an approval process and, after approval, a 30-day grace period during which the organization is suspended. Deletion then removes organization data and stored objects; some platform logs or records that policy or law requires may survive. The privacy policy is authoritative for rights, timelines, subprocessors and exceptions.

AI and plan content

AI is off by default. General AI enablement and permission to send plan/specification content are separate consents. Structured features, such as parts search, do not automatically receive plan content. For processing locations, provider-stated retention and transfers outside Québec, consult the policy rather than a screenshot or old proposal.

Response and recovery

If access is in doubt, revoke the affected access, change appropriate credentials, inspect the audit log, preserve evidence and promptly contact info@it-ca.tech. For a project output used in an internal review, see Exports; for integration controls, see API and MCP. This page describes product controls and is not legal advice or a risk assessment.

See also